Allow only specified IPs to reach several ports on this host, without affecting normal access to the other ports
1. Create the custom chain
iptables -N ALLOWED_PORTS
2. Send traffic for the protected ports to the custom chain
iptables -I INPUT -p tcp -m multiport --dports 27017,6379,16379,26379 -j ALLOWED_PORTS
-I with no position inserts the jump at the top of INPUT, so it is evaluated before any existing rule there, including a conntrack ESTABLISHED accept. Only TCP to these four ports (the defaults for MongoDB, Redis, the Redis Cluster bus and Redis Sentinel) is diverted; every other port, and the host's own outbound connections, are left alone.
3. Add the allow rules in the custom chain
iptables -A ALLOWED_PORTS -s 31.0.219.68 -j ACCEPT
iptables -A ALLOWED_PORTS -s 31.0.219.78 -j ACCEPT
iptables -A ALLOWED_PORTS -s 31.0.219.222 -j ACCEPT
iptables -A ALLOWED_PORTS -s 31.0.219.103 -j ACCEPT
iptables -A ALLOWED_PORTS -s 31.0.219.158 -j ACCEPT
iptables -A ALLOWED_PORTS -s 31.0.219.70 -j ACCEPT
iptables -A ALLOWED_PORTS -s 31.0.219.102 -j ACCEPT
iptables -A ALLOWED_PORTS -s 31.0.219.224 -j ACCEPT
iptables -A ALLOWED_PORTS -s 31.0.219.218 -j ACCEPT
4. Add the default deny rule
iptables -A ALLOWED_PORTS -j DROP
Anything that reaches the chain from a source not listed above is dropped. That includes connections from 127.0.0.1 on the host itself, since loopback traffic also traverses INPUT; if local clients or health checks need these ports, accept -i lo (or -s 127.0.0.1) before the DROP. Because -A appends, any address added later with -A lands after the DROP and never matches; add new sources with -I ALLOWED_PORTS instead.
5. Verify the configuration
# Show the rules in the custom chain (the packet/byte counters confirm which sources are actually hitting it)
iptables -L ALLOWED_PORTS -n -v
# Show the jump rule in the INPUT chain; it should sit at the top, ahead of any rule that would accept these ports
iptables -L INPUT -n | grep -A2 ALLOWED_PORTS
6. Save the rules
iptables-save > /etc/sysconfig/iptables
This is the path the iptables-services unit on CentOS/RHEL loads at boot; on Debian/Ubuntu the iptables-persistent package reads /etc/iptables/rules.v4 instead. The rules cover IPv4 only; if the services are also reachable over IPv6, repeat the steps with ip6tables.
Author: wiki  Created: 2026-06-05 17:27
Last edited: wiki  Updated: 2026-06-05 17:35
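The six steps above collected into one idempotent script, added here as an example and not part of the original page. The chain name, ports and source addresses are the page's own; the loopback accept, the rate-limited LOG rule before the DROP, the -C existence check on the jump and the function names (gen_rules, apply_rules and so on) are additions for illustration. The script prints the plan by default and only touches the live firewall when run with the argument "apply".

```shell
#!/bin/sh
# Added example, not from the original page: the ALLOWED_PORTS whitelist as an
# idempotent script. Chain, ports and sources are from the page; the loopback
# accept, the LOG rule and the -C check are assumptions about what the operator
# wants. Function names are made up for this example.
set -eu

CHAIN="ALLOWED_PORTS"
PORTS="27017,6379,16379,26379"
ALLOWED_SRCS="31.0.219.68 31.0.219.78 31.0.219.222 31.0.219.103 31.0.219.158 31.0.219.70 31.0.219.102 31.0.219.224 31.0.219.218"

# Print the iptables commands, in order, without running them. Generating the
# plan separately from applying it lets it be reviewed or tested first.
gen_rules() {
    # Create the chain, or flush it if it already exists, so reruns do not
    # stack duplicate rules behind the DROP where they could never match.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    # Loopback first: the final DROP would otherwise cut off clients and
    # health checks running on the host itself (assumption: local access is wanted).
    echo "iptables -A $CHAIN -i lo -j ACCEPT"
    for src in $ALLOWED_SRCS; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    # Record blocked attempts (rate-limited) before dropping them.
    echo "iptables -A $CHAIN -m limit --limit 5/min -j LOG --log-prefix \"${CHAIN}_DROP: \""
    echo "iptables -A $CHAIN -j DROP"
    # Insert the jump at position 1 of INPUT only if it is not already there
    # (-C exits 0 when an identical rule exists).
    echo "iptables -C INPUT -p tcp -m multiport --dports $PORTS -j $CHAIN 2>/dev/null || iptables -I INPUT 1 -p tcp -m multiport --dports $PORTS -j $CHAIN"
}

# Number of ACCEPT rules in the plan: loopback plus one per allowed source.
count_accepts() {
    gen_rules | grep -c -- '-j ACCEPT'
}

# Ordering invariant: DROP must be the last rule appended to the chain.
drop_is_last_in_chain() {
    last=$(gen_rules | grep -- "-A $CHAIN " | tail -n 1)
    case "$last" in
        *"-j DROP") return 0 ;;
        *) return 1 ;;
    esac
}

# Execute the plan (needs root and the iptables binary), then show the result.
apply_rules() {
    gen_rules | while IFS= read -r cmd; do
        eval "$cmd"
    done
    iptables -L INPUT -n --line-numbers | head -n 3
    iptables -L "$CHAIN" -n -v
}

# "sh whitelist.sh apply" programs the firewall; with no argument it prints the plan.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    gen_rules
fi
```

Review the printed plan first, then run it with "apply" as root. After applying, iptables-save still has to be run as in step 6 for the rules to survive a reboot.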